From e1e1b46c41fe4bfca3d3baebebbf1782882a4403 Mon Sep 17 00:00:00 2001
From: Jaroslav Kysela
Date: Mon, 30 Oct 2017 12:12:23 +0100
Subject: [PATCH] httpc: fix the wrong receive buffer overflow check, fixes #4353
---
 src/httpc.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/httpc.c b/src/httpc.c
index 4bc2dbbc3..b776e0158 100644
--- a/src/httpc.c
+++ b/src/httpc.c
@@ -1026,9 +1026,12 @@ retry:
 }
 if (hc->hc_rsize < r + hc->hc_rpos) {
- if (hc->hc_rsize + r > hc->hc_io_size + 20*1024)
+ if (hc->hc_rpos + r > hc->hc_io_size + 20*1024) {
+ tvhtrace(LS_HTTPC, "%04X: overflow, buf %zd pos %zd read %zd io %zd",
+ shortid(hc), hc->hc_rsize, hc->hc_rpos, r, hc->hc_io_size);
 return http_client_flush(hc, -EMSGSIZE);
- hc->hc_rsize += r;
+ }
+ hc->hc_rsize += hc->hc_rpos + r + 4*1024;
 hc->hc_rbuf = realloc(hc->hc_rbuf, hc->hc_rsize + 1);
 }
 memcpy(hc->hc_rbuf + hc->hc_rpos, buf, r);
-- 
2.47.2
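Review bot: The `realloc` at the end of the growth branch still assigns its result straight to `hc->hc_rbuf` after `hc_rsize` has already been enlarged, so an allocation failure leaks the old buffer and lets the following `memcpy` write through a null base plus `hc_rpos`; the corrected bound check does not cover that path. Allocating into a temporary, returning through `http_client_flush` on failure and committing `hc_rbuf`/`hc_rsize` only after success would close it, as sketched below; the `-ENOMEM` value and the temporaries' types are assumptions, since the struct fields are declared outside the hunk. Separately, `hc->hc_rsize += hc->hc_rpos + r + 4*1024` adds the required size on top of the old one, which is safe but over-allocates, and a plain `=` looks like what was meant (the sketch uses it). The trace prints all four values with `%zd`, which is only correct if they are signed size types. The enclosing function starts and ends outside the hunk.

```c
  if (hc->hc_rsize < r + hc->hc_rpos) {
    /* … unchanged: overflow check, trace and -EMSGSIZE return … */
    size_t nsize = hc->hc_rpos + r + 4*1024;
    void *nbuf = realloc(hc->hc_rbuf, nsize + 1);
    if (nbuf == NULL)
      return http_client_flush(hc, -ENOMEM);
    hc->hc_rbuf = nbuf;
    hc->hc_rsize = nsize;
  }
```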